Top Service Mesh Questions Answered!

There’s a lot of talk about service mesh these days. What is it? Do I need it? Who should own it? Will it play nicely with my tech stack? Will it actually work, or is it going to be the biggest disaster since the Empire left the Death Star’s thermal exhaust ports undefended? OK, not that last question, but you get the idea. Keep reading to find answers to the questions about service mesh that we hear most often.

Or if you’re looking for industry terminology definitions, skip to the Glossary below.

Do I need a service mesh if I’m using microservices?

It depends! Eventually you will, but there is a threshold where it becomes a no-brainer. We recommend that you schedule a short call with one of our meshperts, so we can help you identify if/when a service mesh is right for you. Here are some questions to help you prep for your call:

  • Are you using Kubernetes?
  • Are you planning to scale microservices to multiple applications?
  • What are your critical gaps with your microservices?

If you are gaining speed and agility with microservices, but you’re worried about stability and security, a service mesh may be able to help.

What business outcomes do I get from service mesh?

In a nutshell, things like:

  • Improved developer experience for your internal teams and a better experience for your end users
  • Decreased risk – a service mesh can help you be more secure and compliant, ensuring data integrity
  • Business value – Aspen Mesh allows your engineers to spend less time managing infrastructure and more time adding business value. After all, managing microservices is likely not your business core competency, so let us remove as much of that burden as possible

Where does a service mesh fit into my organization?

If you have a platform team, it makes the most sense for them to own your service mesh. However, with many teams shifting from traditional to dev-only teams, it makes sense to have a conversation about this with your stakeholders in order to find the best solution. Of course, we’re here to help you work through questions like this as well, so feel free to reach out with any concerns about getting the most out of your service mesh – for your team and your end users.

Can I use service mesh for brownfield deployments?

Yes! We’re seeing more companies using service mesh for both greenfield (installation and configuration of a network where none existed before) and brownfield (upgrades or additions to an existing network that uses some legacy components) deployments. 

As service mesh matures, it makes more sense for brownfield deployments. Aspen Mesh can help you increase velocity and stability when migrating legacy systems to microservices and connecting your new and legacy systems.

What does Istio provide that Kubernetes doesn’t?

Kubernetes (K8s) is an open-source production-grade container orchestration system for automating deployment, scaling and management of containerized applications. Kubernetes is great for container deployment challenges, but as your company and complexity grow, K8s leaves some runtime challenges unsolved. Enter service mesh.

A service mesh like Istio allows you to connect, secure, control and observe your microservices. Istio provides the basics for traffic management, telemetry and security. 

Aspen Mesh takes Istio a step further, providing more advanced features for enterprise organizations including mTLS, fine-grained RBAC, policy frameworks, Istio Vet, SSO and more. In addition, Aspen Mesh is fully supported by a team of engineers, so when you run into challenges (and you will!), we are here to help you resolve them as efficiently and effectively as possible.

How do I integrate Istio/Aspen Mesh with my current stack?

We have worked with some of the largest enterprises in the world and our F5 heritage means we can help you effectively integrate with any legacy applications. Every stack is different, but we’ve integrated Istio with all kinds of different application architectures.

We’re always working to develop new integrations, so feel free to let us know if there are any specific integrations you need.

Do I have to change my applications to use Istio?

In most situations, you do not need to change your applications to get the benefits of service mesh. However, there are a few scenarios in which you might need to change your applications when using Istio. For example, in order to enable mTLS between all the services in your cluster, you need to offload encryption responsibility to the sidecar.

What is the answer to the Ultimate Question of Life, the Universe, and Everything?

42

How does Aspen Mesh compare to Istio?

Features Istio Aspen Mesh
Traffic Management    
Circuit Breaking    
Dynamic Request Routing    
Service Discovery    
HTTP, HTTP/2 and gRPC support    
Telemetry and metrics    
mTLS    
Retries and Deadlines    
Load Balancing    
Distributed Tracing    
Intuitive UI    
Fine-grained RBAC  
Istio Vet  
Simplified mTLS management  
Objective-driven Policy  
Tested and hardened distribution  
Full Support  

If you want to deep dive into how service mesh can help you more effectively manage microservices, get a complimentary ebook on Getting The Most Out Of Service Mesh.


Glossary

Service Mesh: a configurable infrastructure layer for a microservices application. It makes communication between service instances flexible, reliable, and fast. … The service mesh is usually implemented by providing a proxy instance, called a sidecar, for each service instance. The service mesh exists to provide solutions to the challenges of ensuring reliability (retries, timeouts, mitigating cascading failures), troubleshooting (observability, monitoring, tracing, diagnostics), performance (throughput, latency, load balancing), security (managing secrets, ensuring encryption), dynamic topology (service discovery, custom routing), and other issues commonly encountered when managing microservices in production.

Istio: an open source service mesh based on Kubernetes that leverages a sidecar proxy architecture to make it easy to connect, secure, control, and observe services.

Aspen Mesh: a fully supported enterprise service mesh that adds traffic management and security capabilities to Istio. 

Container: a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.

Container orchestration framework. As more and more containers are added to an application’s infrastructure, a separate tool for monitoring and managing the set of containers – a container orchestration framework – becomes essential. Kubernetes has cornered this market, with even its main competitors, Docker Swarm and Mesosphere DC/OS, offering integration with Kubernetes as an alternative.

Kubernetes: a portable, extensible open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. … Kubernetes services, support, and tools are widely available. Google open-sourced the Kubernetes project in 2014.

Sidecar – The service mesh is usually implemented by providing a proxy instance, called a sidecar, for each service instance. Sidecars handle inter‑service communications, monitoring, security‑related concerns – anything that can be abstracted away from the individual services. This way, developers can handle development, support, and maintenance for the application code in the services; operations can maintain the service mesh and run the app.

Sidecar proxy. A sidecar proxy is a proxy instance that’s dedicated to a specific service instance. It communicates with other sidecar proxies and is managed by the orchestration framework.

Microservices application: a software development technique—a variant of the service-oriented architecture (SOA) architectural style that structures an application as a collection of loosely coupled services. In a microservices architecture, services are fine-grained and the protocols are lightweight.

RBAC: Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC lets employees have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them.

Bi-modal IT, according to Gartner, is the ability to deliver on both traditional IT applications with a focus on stability and uptime, and newer, more agile but possibly less tested applications through newer methods involving things like the ability of developers to self-provision machines and short development cycles.

Low-code platforms tend to be much more synchronized with the technology governance requirements of your wider enterprise IT organization. They offer scalable architectures, the ability to extend platform capabilities with open APIs for reusability, and more flexibility when it comes to cloud and on-premises deployment. They enable developers to exercise control with application testing, quality and performance tooling while incorporating the high productivity techniques seen in no-code solutions to speed development through visual means.

Services vs. service instances. To be precise, what developers create is not a service, but a service definition or template for service instances. The app creates service instances from these, and the instances do the actual work. However, the term service is often used for both the instance definitions and the instances themselves.

Service discovery. When an instance needs to interact with a different service, it needs to find – discover – a healthy, available instance of the other service. The container management framework keeps a list of instances that are ready to receive requests.

Load balancing. In a service mesh, load balancing works from the bottom up. The list of available instances maintained by the service mesh is stack‑ranked to put the least busy instances – that’s the load balancing part – at the top.

Encryption. The service mesh can encrypt and decrypt requests and responses, removing that burden from each of the services. The service mesh can also improve performance by prioritizing the reuse of existing, persistent connections, reducing the need for the computationally expensive creation of new ones.

Authorization: verify the actor is allowed to access the requested protected data. A service mesh can authorize and authenticate requests made from both outside and within the app, sending only validated requests to service instances.

Authentication: verify the identity of the actor seeking access to protected data.  A service mesh can authorize and authenticate requests made from both outside and within the app, sending only validated requests to service instances.

SDO: software delivery and operational performance, or SDO performance. Those include increased profitability, productivity, market share, customer satisfaction, and the ability to achieve organization and mission goals.

Monitoring: a method to report the overall health of systems. Monitoring is best limited to key business and systems metrics derived from time-series based instrumentation, known failure modes and blackbox tests. 

Observability: a step beyond monitoring, observability provides highly granular insights into the behavior of systems along with rich context, perfect for debugging purposes.

Greenfield Deployment: in networking, a greenfield deployment is the installation and configuration of a network where none existed before.

Brownfield Deployment: in contrast to a greenfield deployment, a brownfield deployment is an upgrade or addition to an existing network that uses some legacy components.

Take Aspen Mesh for a Test Drive

Aspen Mesh is the simple, production-ready service mesh. Start your 30-day free trial to find out what it can do for you.
